CVE-2022-29182 - Vulnerability Details

Vendors	Products
Thoughtworks	Gocd

Link	Providers
https://github.com/gocd/gocd/pull/10190/commits/a256d05de1445e6c77843f098581fc6a66fe4477
https://github.com/gocd/gocd/releases/tag/22.1.0
https://github.com/gocd/gocd/security/advisories/GHSA-qcg6-4q44-3589
https://www.gocd.org/releases/#22-1-0

{"containers": {"cna": {"affected": [{"product": "gocd", "vendor": "gocd", "versions": [{"status": "affected", "version": ">= 19.11.0, < 22.1.0"}]}], "descriptions": [{"lang": "en", "value": "GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 (inclusive) are vulnerable to a Document Object Model (DOM)-based cross-site scripting attack via a pipeline run's Stage Details > Graphs tab. It is possible for a malicious script on a attacker-hosted site to execute script that will run within the user's browser context and GoCD session via abuse of a messaging channel used for communication between with the parent page and the stage details graph's iframe. This could allow an attacker to steal a GoCD user's session cookies and/or execute malicious code in the user's context. This issue is fixed in GoCD 22.1.0. There are currently no known workarounds."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-20T19:05:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/gocd/gocd/releases/tag/22.1.0"}, {"tags": ["x_refsource_MISC"], "url": "https://www.gocd.org/releases/#22-1-0"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gocd/gocd/security/advisories/GHSA-qcg6-4q44-3589"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/gocd/gocd/pull/10190/commits/a256d05de1445e6c77843f098581fc6a66fe4477"}], "source": {"advisory": "GHSA-qcg6-4q44-3589", "discovery": "UNKNOWN"}, "title": "DOM-based XSS in GoCD", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-29182", "STATE": "PUBLIC", "TITLE": "DOM-based XSS in GoCD"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "gocd", "version": {"version_data": [{"version_value": ">= 19.11.0, < 22.1.0"}]}}]}, "vendor_name": "gocd"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 (inclusive) are vulnerable to a Document Object Model (DOM)-based cross-site scripting attack via a pipeline run's Stage Details > Graphs tab. It is possible for a malicious script on a attacker-hosted site to execute script that will run within the user's browser context and GoCD session via abuse of a messaging channel used for communication between with the parent page and the stage details graph's iframe. This could allow an attacker to steal a GoCD user's session cookies and/or execute malicious code in the user's context. This issue is fixed in GoCD 22.1.0. There are currently no known workarounds."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/gocd/gocd/releases/tag/22.1.0", "refsource": "MISC", "url": "https://github.com/gocd/gocd/releases/tag/22.1.0"}, {"name": "https://www.gocd.org/releases/#22-1-0", "refsource": "MISC", "url": "https://www.gocd.org/releases/#22-1-0"}, {"name": "https://github.com/gocd/gocd/security/advisories/GHSA-qcg6-4q44-3589", "refsource": "CONFIRM", "url": "https://github.com/gocd/gocd/security/advisories/GHSA-qcg6-4q44-3589"}, {"name": "https://github.com/gocd/gocd/pull/10190/commits/a256d05de1445e6c77843f098581fc6a66fe4477", "refsource": "MISC", "url": "https://github.com/gocd/gocd/pull/10190/commits/a256d05de1445e6c77843f098581fc6a66fe4477"}]}, "source": {"advisory": "GHSA-qcg6-4q44-3589", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:17:54.073Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gocd/gocd/releases/tag/22.1.0"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.gocd.org/releases/#22-1-0"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/gocd/gocd/security/advisories/GHSA-qcg6-4q44-3589"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gocd/gocd/pull/10190/commits/a256d05de1445e6c77843f098581fc6a66fe4477"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-29182", "datePublished": "2022-05-20T19:05:12", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2024-08-03T06:17:54.073Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:thoughtworks:gocd:*:*:*:*:*:*:*:*", "matchCriteriaId": "A51919B4-989A-4FED-A34F-DB8C1885564D", "versionEndIncluding": "21.4.0", "versionStartIncluding": "19.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 (inclusive) are vulnerable to a Document Object Model (DOM)-based cross-site scripting attack via a pipeline run's Stage Details > Graphs tab. It is possible for a malicious script on a attacker-hosted site to execute script that will run within the user's browser context and GoCD session via abuse of a messaging channel used for communication between with the parent page and the stage details graph's iframe. This could allow an attacker to steal a GoCD user's session cookies and/or execute malicious code in the user's context. This issue is fixed in GoCD 22.1.0. There are currently no known workarounds."}, {"lang": "es", "value": "GoCD es un servidor de entrega continua. GoCD versiones 19.11.0 a 21.4.0 (inclusive), son vulnerables a un ataque de tipo cross-site scripting attack basado en el Modelo de Objetos de Documentos (DOM) por medio de la pesta\u00f1a Stage Details ) Graphs de una ejecuci\u00f3n de canalizaci\u00f3n. Es posible que un script malicioso en un sitio alojado por el atacante ejecute un script que ser\u00e1 ejecutado dentro del contexto del navegador del usuario y de la sesi\u00f3n GoCD por medio de un abuso de un canal de mensajer\u00eda usado para la comunicaci\u00f3n entre la p\u00e1gina principal y el iframe del gr\u00e1fico de detalles de la etapa. Esto podr\u00eda permitir a un atacante robar las cookies de sesi\u00f3n de un usuario de GoCD y/o ejecutar c\u00f3digo malicioso en el contexto del usuario. Este problema ha sido corregido en GoCD versi\u00f3n 22.1.0. Actualmente no se conocen mitigaciones"}], "id": "CVE-2022-29182", "lastModified": "2024-11-21T06:58:39.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-20T19:15:08.267", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gocd/gocd/pull/10190/commits/a256d05de1445e6c77843f098581fc6a66fe4477"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/gocd/gocd/releases/tag/22.1.0"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/gocd/gocd/security/advisories/GHSA-qcg6-4q44-3589"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.gocd.org/releases/#22-1-0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gocd/gocd/pull/10190/commits/a256d05de1445e6c77843f098581fc6a66fe4477"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/gocd/gocd/releases/tag/22.1.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/gocd/gocd/security/advisories/GHSA-qcg6-4q44-3589"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.gocd.org/releases/#22-1-0"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object